Ask HN: Why do you use a VPN?
38 points by pwython on July 6, 2022 | 81 comments
Almost every YouTuber I see is sponsored by some type of VPN company, so it's obviously a lucrative vertical. I've been on the internet since the late 90's and still can't wrap my mind around any reason to pay for a VPN service aside from nefarious purposes.

Hoping to hear what your particular use case is to shell out that monthly fee.




The term “VPN” has become a bit overloaded. It can mean, among other things:

1) a corporate VPN you connect to in order to gain access to corporate resources. Cisco AnyConnect, OpenVPN, IPsec/L2TP are examples of this type.

2) An overlay network that allows seamless (and secure) access to systems on disparate networks. Wireguard (and thus Tailscale), ZeroTier are examples of this type.

3) A way for individuals to obscure their internet traffic by tunneling it to a VPN provider. Mullvad, PIA, Nord are examples of this type.

All of the sponsorships you see are from companies in category #3. It is my opinion that there are very few circumstances where using a VPN (#3) is useful or needed. HTTPS is ubiquitous, and browsers have various mechanisms for MitM prevention and other anti-spoofing/anti-tampering mechanisms. Taken together, these provide a high degree of protection that wasn’t necessarily as widely-deployed just a handful of years ago - a time when using a VPN was more useful.

Are there situations where using a VPN (#3) is warranted? Yes, for sure. However, these content creators who are taking sponsor money from VPN providers are doing their viewers a disservice by making them think they need a VPN. 99% of the public does not, and should not waste their money on it.


I think your terminology is a bit mixed up: OpenVPN and WireGuard are technologies that can be used for any of those three purposes. For example, Mullvad/PIA/etc are hosted vpns that you can use OpenVPN or WireGuard to connect to.


I know this, and was speaking in generalities. Of course there are a plethora of ways any of these technologies can be used. I laid out examples of how I see them all used most frequently.


>Are there situations where using a VPN (#3) is warranted

Anonymity and therefore privacy. An ISP-assigned IP address reveals a lot of information about you. With a court order it can be traced back to you. Suppose a dissident wants to publish information adverse to the government, there's a situation.


That's one, but a bigger one is accessing out-of-region media.

Most (all?) streaming services are geo-locked, and do not contain the same libraries in different markets (if they are available at all.)

So VPNs are a common way of accessing streaming which would otherwise be unavailable.

While this is "piracy of a sort", it does imply an actual paid subscription, albeit in the wrong territory. So it's more honest than the alternative (Plex etc.)


Piggybacking off of this comment, I’d be very curious to know the HN sentiment on piracy as a whole

Net good, net bad, somewhere in between?


As one who makes a living selling software, I'm against piracy, and would prefer people to be honest. I prefer not to pirate myself if it's avoidable.

That said, I'm aware my stuff is pirated, for various reasons, and I pretty much ignore that. Pirate users might turn into customers one day. I make minimal effort to prevent piracy, mostly to make sure the experience for paid users is as simple and streamlined as possible.

I prefer to consume my media via paid channels, and that is easy and convenient (and cheap) to do (now) so that's much easier to do now than it was 20 years ago.

My attitude to open source licensing is the same. I'll happily integrate MIT licensed material into commercial offerings, but I respect the rights of GPL authors, and I understand that is off the table. I believe authors have a right to choose the license they want, commercial, open or free, and it's up to me to respect that right.


It's a mistake to think there is a general "HN sentiment"

In general my view is "piracy bad, working around geo-blocks ok".

Interestingly this roughly reflects the view of regulators in my jurisdiction[1]:

> The Productivity Commission (PC) in December 2016 recommended that the Government make it easier for consumers to access legitimate copyright-protected content by:

> amending the Copyright Act 1968 (Cth) to make clear that the circumvention of geo-blocking technology by consumers is not an infringement of copyright; and

> avoiding international obligations that would prevent or ban consumers from circumventing geo-blocking technology.

> the ACCC supported the PC’s recommendation,

[1] https://incompetition.com.au/2017/12/blocking-geo-blocking/


> Suppose a dissident wants to publish information adverse to the government, there's a situation.

In what case would a commercial VPN provider, which will have a payment path associated to you, be better than something like Tor for the sort of user who fears government retribution?

Commercial VPN services are pretty much exclusively for doing things that annoy copyright holders. They're great for that, but for almost any other use case where one might want a VPN they're not the best choice.


Payment can be done anonymously through cash in the mail. A lot of services offer that. Nevertheless, it would be foolish to think a commercial VPN provider is enough to keep the three letter boys and girls away - or other sophisticated actors. I just hope it's enough to watch movies online...


Dissidents should use Tor (best done in a RAM-only environment that’s not running on their own computer) and not fuck around with VPNs because it’s go to jail or worse. There are countless ways for someone, even an expert, to hang himself using a VPN.


Unfortunately, these days fingerprinting is pretty advanced, a VPN offers you almost no protection.

Even tor, if not used very carefully.


The only thing left outside HTTP that the average person must worry about is unencrypted DNS requests... but progress is being made there


I do it to keep all my devices on the same IP subnet. Things like Syncthing and SSH "Just Work" over cellular data and McDonalds Guest Wifi as if you were on a home network. Tailscale does this really well, and they don't try to market themselves as some privacy broker. They're a plain-and-simple virtual router, and it works really well in my experience.


Agreed. Tailscale has been the first product that has surprised me with delight in quite a long time. It does “just work”, and does so very well in my experience.


I was poking around a government website one day, noticed a security issue, later showed someone that vulnerability I found, this person proceeded to poke around with the website for hours (unbeknown to me) without causing any harm. A few weeks later I had the somewhat local police take a lot of my belongings and charge me with a multi felony crime. I had to pay an attorney 10s of thousands of dollars to basically have the whole thing go away. Now I have a felony arrest record that I still have pop up on background checks even 10 years later.

If I would have been using a VPN, I think the barrier would have been too high for the local police to do this on their own. According to the warrants, the local cyber investigators literally emailed Comcast and they just sent them over my physical address.

With a good VPN, I think there would have been some red tape or at least a few more hurdles to complicate the situation.

This probably isn't the normal use case... but I now try to use a VPN, not because I'm doing anything nefarious or that I think it's truly anonymous. I just know it will raise the effort required to ruin my life in this same way again.


This was my first thought when reading OP's post. A big chunk of VPN usage is almost by definition for "nefarious" purposes. But the point is that trusting government to reliably and morally define "nefarious" for you is incredibly foolish.


1) For work if I want to appear in a location.

2) Security if in public wifi environments.

3) Occasionally to obfuscate information if I want to download a movie or look at information, nothing interesting/nefarious but maybe you want to look at health stuff and not feel some insurance company is going to target you for ads or assume you have the condition type thing.

4) Using phone for international travel. If you use a server in your home country, turn on wifi calling and use the phone as normal for calls/text. This is how it should be.


1. Security on a public wifi.

2. Playing games on the internet with creeps who will dig through IP logs for my location. Yes, they can fingerprint my device, but device is easier to change and safer than location info.

3. Tricking Netflix into thinking I'm in Australia so I can watch Rick & Morty.


I hate that 2) is a thing, especially if you have a console that just does P2P matchmaking assisted by the server for NAT punching. My friends that play CoD or similar quite literally get attacked off the internet for winning rounds at least every single night they play more than an hour or so, it's that low of a bar of entry.


Certain MMOs I play run along the span of years. It's literally easier to get some people to delete their account than to beat them in game. Game admins and clan leaders are sometimes attacked to overturn decisions.


Why does it protect you on public Wi-Fi? Won’t MitM just be between you and the VPN?


To my understanding, the VPN I use (Mullvad) encrypts all packets that go to them. It's not just a proxy.


If you're questioning whether it's trivial to MitM a VPN connection, no it's not.


"aside from nefarious purposes"

It's not that nefarious to go around region blocks to get access to content that probably shouldn't have been blocked from you in the first place. If I'm traveling, I'm still the same person they let watch the same program at home. Or, if I want to watch Russian State controlled news, why does my government get to block it?


> Or, if I want to watch Russian State controlled news, why does my government get to block it?

Woah, is this a real example? Where do you live?


Yes, it's a real example. Here's the EU press release:

https://www.consilium.europa.eu/en/press/press-releases/2022...

And to head off any speculation, I'm aware of what RT is, I just don't need any nannies that think I might not understand how propaganda works.


Not OP but, since the Russian invasion of Ukraine, Russian state-backed media in France has been blocked/blacklisted. RT had three (or four?) different channels on TV here (English, French, Spanish, and Arabic I think) and they all have been disconnected.


Wow, that's wild. I'm aware that speech norms are very different in Europe vs the US. Without making any normative claims about which one is better, it's just very alien to me.


That's just from broadcast TV, where a VPN is useless. The website is still readily accessible for those intent on consuming Russian propaganda for whatever reason.


It was also blocked from various streaming services. One example: https://www.voanews.com/a/6468770.html


Although I do not use VPN for any illegal purpose, I pay for it so that 1. My internet provider would not know which sites I am visiting. 2. My sites would not know what is my actual location.

This prevents them from creating my profile and helps me protect my privacy. (I hope so).

I have made a conscious decision that I would rather trust a VPN like Mullvad than my internet provider or websites.


International travel. My bank (credit union) and cell phone provider (AT&T) both block non-US access. I also use it to get around Vietnam's blocking of websites e.g. BBC.


+1, this was essential for me while living abroad. Even if they did allow access (e.g. PayPal), I’d have to jump through hoops to verify my identity. Easier to just turn on a VPN.


1. My country randomly blocks websites and services. VPN is essential. 2. Have to access some sites and services with geoIP restrictions. 3. Accessing certain sites and all which I don't want to be tracked. 4. To avoid exposing my IP.


My ISP quite openly says that they spy on your traffic to monetize it. This is violently unacceptable to me, so I do my best to deny them that data.


If it's violently unacceptable, why are you paying them money? Why not change ISPs?


Dumb question, how can they spy on it if it’s https?


They can't see what you're doing on HTTPS sites (barring any probably-illegal tinkering like MITM), but they can mostly recognize which sites you visit, your level of traffic to them, and enough schedule-based information to build a pretty good profile of you.


They can usually still see domain names. DNS traffic is normally sent in the clear, and in the event it’s not, the SNI field in TLS (HTTPS) is unencrypted. So your ISP can know which domains you visit but not the individual sites on those domains you visit (i.e. they would know you visited google.com but not that you requested the page: google.com/q=your+question). Which depending on the site might not be all that sensitive, but I’m sure you can think of a few examples of sites you wouldn’t want anyone knowing you went to even if they couldn’t see which page.


HTTPS only protects the payload. The IP addresses of src/dst are still unencrypted. And DNS is also unencrypted (though if "dns over https" catches on, that might change in the future).


AFAIK the ISP still obtains and stores full URLs and time stamps and logs all HTTP requests even if content is encrypted

In the UK they are legally required to store it for 12 months as well


Hosts/domains, not full URLs. The path part of a URL is encrypted and ISPs can't know it without acting as a MITM, and unless they have also installed malware/trusted certificates on your computer, there's very low likelihood they are doing that.


Thanks for clarifying


HTTPS encrypts the content, not the destination. Your ISP still needs to send your request to the server. Further, there are also DNS requests.


> so it's obviously a lucrative vertical.

I don't have direct exposure but this is a highly commoditized industry with tons of competition. I imagine profits are razor thin for most providers.


You could rent two 5 dollar droplets for the price of VPN service. There is a reason why so many providers exist. The costs to operate are profitable... but throw in advertising trying to beat NordVPN and millions get spent.


UK ISPs are legally required to collect browsing data like a log of URLs visited and store them long-term. I hate being snooped on. And I need to feel free to read and research whatever I want without that being logged somewhere that is open to data brokering, profiling, or the usual data breach vulnerabilities. Finally, I’ll do anything and everything to disrupt the pervasive internet marketing machine.

“Privacy is not about having something to hide.”

Plus I torrent a bunch of stuff of course :v


I only use one for work, they're a bit careful about encrypting traffic and we have a number of resources only available on intranet.


Why? A few reasons:

- Spoofing geolocation to watch geo-locked content like BBC iPlayer (You need a UK IP for this)

- Torrenting. I don’t want to get scare letters from my ISP, so I use a VPN. I find Wireguard to be the fastest in this case.

- Protecting my network traffic on shady public Wi-Fi. Some public Wi-Fi hotspots could be malicious and could be spying or tampering with your connection.


I moved from the Netherlands (where I was born) to Germany, and I mostly use my VPN to bypass the location block on video from Dutch public broadcasting. I even still pay taxes in the Netherlands (still work there), so I feel perfectly absolved from the little moral issue anyone might have with this.


Comcast throttles traffic to sites it doesn't like and is (most likely) selling poorly deanonymized usage data. This just moves the trust problem to Mullvad, but Comcast sets a low enough bar that $5 a month is worth it.


From what I saw in gaming circles, VPNs are used to minimize the path between the gamer and an out of region server.

Eg, in Quake, the current e-sports tournament is being played "cross-region", people in US and EU and Oceania compete against each other. Using a VPN can shave some milliseconds off the "ping time" to the servers they're playing on (I think the rule is to use consecutively one server in each player's region).

So if the demographic of the youtubers that you mentioned is gamers, then maybe VPNs have their place, not for opsec, but for plain faster internet to remote servers.


99% access my home network remotely, but that's not really the use case of VPN services that get promoted. If I used those it would be 99% dodging geo restrictions, but I'm not motivated enough to do that.


> aside from nefarious purposes.

Yup, that's the reason. And the YouTubers and the VPN companies aren't even trying to hide it - they straight-up say it in the ads.


I would get an ad vaguely implying that you have a better chance to get away with piracy, but it amazes me these ads just outright say "set your VPN to India and Netflix is cheaper".


In Australia there are metadata retention laws[1]. I have a mild objection to that in philosophical terms and using a VPN gives me some control over that.

[1] https://www.homeaffairs.gov.au/about-us/our-portfolios/natio...


VPN stands for video pirating network, most of the time.

Either "legit" piracy so you can watch content you pay for from another country, or less legitimate piracy.


I bought a month of Mullvad because Steam could not fathom that I lived in country X (and wanted to pay with an Xian card) but was vacationing in country Y


Avoid IP-based geo-location of street address. Combine with anti-fingerprinting. Avoid restrictions from non-network-neutral ISP.


IP can't be geolocated to a street address.

Translating your IP to your street address would require some larger network compromise (probably at the ISP level) or actually getting PII from your ISP.


There are multiple public databases available via web search, which can map residential, relatively static, IP addresses within a few city blocks, at least in large urban areas. That's usually enough to cross-reference with other sources and obtain an exact street address.

There's also geolocation data compiled by browsers, https://en.wikipedia.org/wiki/Mozilla_Location_Service


You still haven't provided evidence that IP address alone can be translated to a street address. You can't because it doesn't. IP addresses were never intended to be confined to that small of a geographic area.

> There are multiple public databases available via web search, which can map residential, relatively static, IP addresses within a few city blocks, at least in large urban areas.

I have never seen anything like this. Can you link to one? IP addresses just don't resolve to that level of detail, even in large urban areas. My own IP address (in a large urban area) resolves to a city ~25 miles away from me.

> There's also geolocation data compiled by browsers, https://en.wikipedia.org/wiki/Mozilla_Location_Service

This doesn't use IP. It uses local network IDs.


> IP addresses were never intended to be confined to that small of a geographic area.

Design intentions are different from what exists today, where an ISP can assign a residential home IP that remains the same until their CPE is rebooted, which can often be several months.

> IP addresses just don't resolve to that level of detail.

That depends on what the geolocation service provider is willing to publish, keeping in mind their ability to cross-reference with multiple signal sources. e.g. if someone enters their home address into a site for shipping/delivery, what are the chances that at least one ad-tech data broker on that page is linking their IP to the user-entered street address? There are many other potential signal sources.

> It uses local network IDs.

Which have often been precisely geolocated by cellphones (with GPS) or StreetView mapping vehicles. The browser also has access to the IP address that is "near" those SSIDs.


Sometimes I could not use bbc.com from my mobile. By switching to VPN, it works. I don’t know why they block bbc.com in the ISP.


Primarily, to evade blackout restrictions on MLB games. I pay for an annual pass and am still blacked out from three regional teams, regardless of where they’re playing. (And I’m lucky: some parts of Iowa have six teams blacked out, which means those folks can’t watch almost half of the league play at any given time.)


1. Sanctions. If a person's country is under restrictions from the rest of the world, they need to spoof their location to be able to pay for various services.

2. Censorship.

3. An overlay network. Not really possible with most traditional commercial VPN services, but it will allow access to home devices and remote servers seamlessly.


I use WireGuard to connect to my VPSs to access services without having to expose them on an open port.


BitTorrenting pirated movies.


In China, ordinary people need a VPN to access Google, YouTube, Twitter, etc.


I don't use a commercial one, but I have my own for ignoring filtered wifi and for getting to my home network from not-home.

Plus of course there's the company vpn for working from not-the-office.


A lot of random state portals and even mint.com are restricted from outside the USA. So while traveling I have to either remote desktop into my computer at home or just use a VPN.


You can more safely do torrenting when using a VPN in another country.

For hiding my IP for web surfing, I use Tor instead since it's free.


To manage shared social media accounts around the clock with multiple employees in different timezones.


Could you tell me a bit more about that setup? How exactly does a VPN fit into that flow, instead of just sharing the social media account passwords?


Trying to not get banned from social media probably


Exactly! If we don’t then Instagram keeps asking for extra verification / captchas / etc ... just to avoid those annoyances


I don't use a VPN, except ssh to connect to work.


I use it to watch BBC and Channel4 from Poland.


Because I will buy whatever you're selling if it has the word "privacy" in it.


To bypass xCloud region restrictions



